rpms/clamav/FC-6 clamav-0.88.7-CVE-2007-0899.patch, NONE, 1.1 clamav-0.88.7-CVE-2007-0898.patch, NONE, 1.1 clamav-0.88.7-CVE-2007-0897.patch, NONE, 1.1 clamav.spec, 1.45, 1.46

Enrico Scholz (ensc) fedora-extras-commits at redhat.com
Tue Feb 20 07:48:38 UTC 2007


Author: ensc

Update of /cvs/extras/rpms/clamav/FC-6
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv19769/FC-6

Modified Files:
	clamav.spec 
Added Files:
	clamav-0.88.7-CVE-2007-0899.patch 
	clamav-0.88.7-CVE-2007-0898.patch 
	clamav-0.88.7-CVE-2007-0897.patch 
Log Message:
[SECURITY]: imported Debian patches to fix CVE-2007-0897 (CAB file DOS),
CVE-2007-0898 (Directory traversal vulnerability) and CVE-2007-0899
(Heap overflow). Fix for CVE-2007-0897 is not perfect (disables CAB file
parsing completely) but the best I can do atm


clamav-0.88.7-CVE-2007-0899.patch:

--- NEW FILE clamav-0.88.7-CVE-2007-0899.patch ---
--- clamav-0.88.7.orig/libclamav/fsg.c
+++ clamav-0.88.7/libclamav/fsg.c
@@ -72,7 +72,8 @@
   char *csrc = source, *cdst = dest;
   int oob, lostbit = 1;
 
-  /* I assume buffers size is >0 - No checking! */
+  if (ssize<=0 || dsize<=0) return -1;
+
   *cdst++=*csrc++;
 
   while ( 1 ) {
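
Review bot: The new guard `if (ssize<=0 || dsize<=0) return -1;` only covers the single unconditional copy `*cdst++=*csrc++` that follows it; nothing visible in this hunk bounds the reads and writes inside the `while ( 1 )` loop, so please confirm that every step in the loop checks csrc against source+ssize and cdst against dest+dsize. Two further things to verify outside the hunk: if ssize and dsize are declared unsigned, `<=0` is effectively `==0`, and every caller has to treat the new -1 return as a failure. The removed "No checking!" remark documented an assumption; a one-line comment stating what the guard does and does not cover would replace it usefully.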

clamav-0.88.7-CVE-2007-0898.patch:

--- NEW FILE clamav-0.88.7-CVE-2007-0898.patch ---
--- clamav-0.88.7.orig/libclamav/mbox.c
+++ clamav-0.88.7/libclamav/mbox.c
@@ -3605,6 +3605,8 @@
 			char outname[NAME_MAX + 1];
 			time_t now;
 
+			sanitiseName(id);
+
 			snprintf(outname, sizeof(outname) - 1, "%s/%s", dir, id);
 
 			cli_dbgmsg("outname: %s\n", outname);
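
Review bot: `sanitiseName(id)` is called as a bare statement, so it rewrites id in place, and any later use of id in this function will see the sanitised string rather than the value taken from the message. If id is compared or reported further down, sanitise a copy that is used only to build outname. In the context lines, `snprintf(outname, sizeof(outname) - 1, "%s/%s", dir, id)` ignores its return value, so an over-long dir/id pair is silently truncated into a different file name; comparing the return value against the buffer size would catch that. The call also has no comment: a line saying it is there for CVE-2007-0898, so that id cannot steer the `"%s/%s"` path outside dir, would keep it from being removed later as redundant.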

clamav-0.88.7-CVE-2007-0897.patch:

--- NEW FILE clamav-0.88.7-CVE-2007-0897.patch ---
--- clamav-0.88.7.orig/libclamav/filetypes.c
+++ clamav-0.88.7/libclamav/filetypes.c
@@ -59,7 +59,7 @@
     {0,	    "\037\213",			2,  "GZip",		CL_TYPE_GZ},
     {0,	    "BZh",			3,  "BZip",		CL_TYPE_BZ},
     {0,	    "SZDD",			4,  "compress.exe'd",	CL_TYPE_MSSZDD},
-    {0,	    "MSCF",			4,  "MS CAB",		CL_TYPE_MSCAB},
+    /* {0,	    "MSCF",			4,  "MS CAB",		CL_TYPE_MSCAB}, */
     {0,	    "ITSF",			4,  "MS CHM",           CL_TYPE_MSCHM},
     {0,     "#@~^",			4,  "SCRENC",		CL_TYPE_SCRENC},
     {0,     "(This file must be converted with BinHex 4.0)",
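
Review bot: Commenting out the `MSCF` row drops the only entry in this hunk that maps to CL_TYPE_MSCAB, so CAB files stop being recognised as containers and their contents go unscanned, yet the commented-out line gives no reason. Add a comment on that line naming CVE-2007-0897 and saying the entry is to be restored once the CAB parser itself is fixed, otherwise the coverage gap is easy to carry forward unnoticed into the next rebase. It is also worth confirming that no other code path still dispatches to the CAB parser without going through this table.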


Index: clamav.spec
===================================================================
RCS file: /cvs/extras/rpms/clamav/FC-6/clamav.spec,v
retrieving revision 1.45
retrieving revision 1.46
diff -u -r1.45 -r1.46
--- clamav.spec	12 Dec 2006 08:17:53 -0000	1.45
+++ clamav.spec	20 Feb 2007 07:48:05 -0000	1.46
@@ -19,7 +19,7 @@
 Summary:	End-user tools for the Clam Antivirus scanner
 Name:		clamav
 Version:	0.88.7
-Release:	%release_func 1
+Release:	%release_func 2
 
 License:	GPL
 Group:		Applications/File
@@ -39,6 +39,9 @@
 Patch21:	clamav-0.70-path.patch
 Patch22:	clamav-0.80-initoff.patch
 Patch23:	clamav-0.88.4-visibility.patch
+Patch50:	clamav-0.88.7-CVE-2007-0897.patch
+Patch51:	clamav-0.88.7-CVE-2007-0898.patch
+Patch52:	clamav-0.88.7-CVE-2007-0899.patch
 BuildRoot:	%_tmppath/%name-%version-%release-root
 Requires:	clamav-lib = %version-%release
 Requires:	data(clamav)
@@ -180,6 +183,10 @@
 
 %prep
 %setup -q
+%patch50 -p1 -b .cve-2007-0897
+%patch51 -p1 -b .cve-2007-0898
+%patch52 -p1 -b .cve-2007-0899
+
 %patch0  -p1 -b '.guys,please-read-the-compiler-warnings-before-doing-a-release.patch'
 %patch1  -p1 -b .strncpy
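
Review bot: The three new `%patch50` to `%patch52` lines are placed above `%patch0`, so application order no longer follows patch numbering and the existing patches now apply on top of the security-patched tree. If that ordering is deliberate, say so in a spec comment above the block; if not, move the lines after the existing `%patch` entries and check that they still apply cleanly there.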
 
@@ -448,6 +455,13 @@
 
 
 %changelog
+* Tue Feb 20 2007 Enrico Scholz <enrico.scholz at informatik.tu-chemnitz.de> - 0.88.7-2
+- [SECURITY]: imported Debian patches to fix CVE-2007-0897 (CAB
+  file DOS), CVE-2007-0898 (Directory traversal vulnerability) and
+  CVE-2007-0899 (Heap overflow). Fix CVE-for 2007-0897 is not
+  perfect (disables CAB file parsing completely) but the best I
+  can do atm
+
 * Tue Dec 12 2006 Enrico Scholz <enrico.scholz at informatik.tu-chemnitz.de> - 0.88.7-1
 - updated to 0.88.7
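
Review bot: The new changelog entry reads "Fix CVE-for 2007-0897", which garbles the identifier that people will search the RPM changelog for; it should read "Fix for CVE-2007-0897". Since the entry states that CAB parsing is disabled completely, consider making that its own bullet so the loss of scanning coverage is visible at a glance in `rpm -q --changelog` output.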
 



